Ticket #250: 220-allow-polarssl-1.2.3.patch
File 220-allow-polarssl-1.2.3.patch, 2.3 KB (added by , 12 years ago) |
---|
-
src/openvpn/crypto_polarssl.h
60 60 #define OPENVPN_MODE_OFB POLARSSL_MODE_OFB 61 61 62 62 /** Cipher is in CFB mode */ 63 #if POLARSSL_VERSION_NUMBER < 0x01020000 63 64 #define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128 65 #else 66 #define OPENVPN_MODE_CFB POLARSSL_MODE_CFB 67 #endif 64 68 65 69 /** Cipher should encrypt */ 66 70 #define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT -
src/openvpn/ssl_polarssl.c
67 67 68 68 static int default_ciphersuites[] = 69 69 { 70 #if POLARSSL_VERSION_NUMBER >= 0x01020000 71 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 72 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 73 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 74 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 75 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 76 TLS_RSA_WITH_AES_256_CBC_SHA, 77 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 78 TLS_RSA_WITH_AES_128_CBC_SHA, 79 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 80 TLS_RSA_WITH_3DES_EDE_CBC_SHA, 81 TLS_RSA_WITH_RC4_128_SHA, 82 TLS_RSA_WITH_RC4_128_MD5, 83 #else 70 84 SSL_EDH_RSA_AES_256_SHA, 71 85 SSL_EDH_RSA_CAMELLIA_256_SHA, 72 86 SSL_EDH_RSA_AES_128_SHA, … … 79 93 SSL_RSA_DES_168_SHA, 80 94 SSL_RSA_RC4_128_SHA, 81 95 SSL_RSA_RC4_128_MD5, 96 #endif 82 97 0 83 98 }; 84 99 … … 515 530 ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get()); 516 531 517 532 ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session); 533 #if POLARSSL_VERSION_NUMBER < 0x01020000 518 534 ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn ); 535 #endif 519 536 if (ssl_ctx->allowed_ciphers) 520 537 ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); 521 538 else … … 828 845 ssl_get_version (ks_ssl->ctx), 829 846 ssl_get_ciphersuite(ks_ssl->ctx)); 830 847 848 #if POLARSSL_VERSION_NUMBER >= 0x01020000 849 cert = ks_ssl->ssn->peer_cert; 850 #else 831 851 cert = ks_ssl->ctx->peer_cert; 852 #endif 832 853 if (cert != NULL) 833 854 { 834 855 openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8); -
src/openvpn/options.c
827 827 o->server_poll_timeout = 0; 828 828 #endif 829 829 #ifdef ENABLE_CRYPTO 830 #ifdef ENABLE_CRYPTO_POLARSSL 831 o->ciphername = "BLOWFISH-CBC"; 832 o->keysize = 16; 833 #else 830 834 o->ciphername = "BF-CBC"; 835 #endif 831 836 o->ciphername_defined = true; 832 837 o->authname = "SHA1"; 833 838 o->authname_defined = true;